Merge branch 'kafbat:main' into main

Author: AspidDark

.github/CODEOWNERS

@@ -2,6 +2,7 @@
 
 
 # BACKEND
+gradle/libs.versions.toml   @kafbat/backend
 /build.gradle               @kafbat/backend
 /gradle.properties          @kafbat/backend
 /settings.gradle            @kafbat/backend

.github/dependabot.yml

@@ -7,14 +7,20 @@ updates:
     interval: weekly
     time: "10:00"
     timezone: Europe/London
-  reviewers:
-    - "kafbat/backend"
   open-pull-requests-limit: 10
   labels:
     - "type/dependencies"
     - "scope/backend"
   groups:
-    gradle-dependencies:
+    spring-boot-dependencies:
+      patterns:
+        - "org.springframework.boot:*"
+        - "io.spring.dependency-management"
+      # We will handle major upgrades manually
+      update-types:
+        - "patch"
+        - "minor"
+    other-dependencies:
       patterns:
         - "*"
       update-types:
@@ -27,8 +33,6 @@ updates:
     interval: weekly
     time: "10:00"
     timezone: Europe/London
-  reviewers:
-    - "kafbat/backend"
   open-pull-requests-limit: 10
   ignore:
   - dependency-name: "azul/zulu-openjdk-alpine"
@@ -43,8 +47,6 @@ updates:
     interval: weekly
     time: "10:00"
     timezone: Europe/London
-  reviewers:
-    - "kafbat/frontend"
   open-pull-requests-limit: 10
   versioning-strategy: increase-if-necessary
   labels:
@@ -64,8 +66,6 @@ updates:
     interval: weekly
     time: "10:00"
     timezone: Europe/London
-  reviewers:
-    - "kafbat/devops"
   open-pull-requests-limit: 10
   labels:
     - "type/dependencies"

api/build.gradle

@@ -14,7 +14,12 @@ dependencies {
     implementation project(":contract")
     implementation project(":serde-api")
     implementation libs.spring.starter.webflux
-    implementation libs.spring.starter.security
+    implementation(libs.spring.starter.security){
+        exclude group: 'com.nimbusds', module: 'nimbus-jose-jwt' because("Temporary overwrite to fix CVE-2025-53864. See https://avd.aquasec.com/nvd/2025/cve-2025-53864/")
+    }
+    implementation(libs.nimbus.jose.jwt){
+        because("Fixes CVE-2025-5386. See https://avd.aquasec.com/nvd/2025/cve-2025-53864/")
+    }
     implementation libs.spring.starter.actuator
     implementation libs.spring.starter.logging
     implementation libs.spring.starter.oauth2.client

frontend/src/components/Brokers/Broker/Configs/TableComponents/InputCell/InputCellViewMode.tsx

@@ -1,9 +1,10 @@
 import React, { type FC } from 'react';
-import { Button } from 'components/common/Button/Button';
 import EditIcon from 'components/common/Icons/EditIcon';
 import type { ConfigUnit } from 'components/Brokers/Broker/Configs/lib/types';
-import Tooltip from 'components/common/Tooltip/Tooltip';
 import { getConfigDisplayValue } from 'components/Brokers/Broker/Configs/lib/utils';
+import { ActionButton } from 'components/common/ActionComponent';
+import { Action, ResourceType } from 'generated-sources';
+import { getDefaultActionMessage } from 'components/common/ActionComponent/ActionComponent';
 
 import * as S from './styled';
 
@@ -35,22 +36,22 @@ const InputCellViewMode: FC<InputCellViewModeProps> = ({
       <S.Value $isDynamic={isDynamic} title={title}>
         {displayValue}
       </S.Value>
-      <Tooltip
-        value={
-          <Button
-            buttonType="primary"
-            buttonSize="S"
-            aria-label="editAction"
-            onClick={onEdit}
-            disabled={isReadOnly}
-          >
-            <EditIcon /> Edit
-          </Button>
+      <ActionButton
+        buttonType="primary"
+        buttonSize="S"
+        aria-label="editAction"
+        onClick={onEdit}
+        disabled={isReadOnly}
+        message={
+          isReadOnly ? 'Property is read-only' : getDefaultActionMessage()
         }
-        showTooltip={isReadOnly}
-        content="Property is read-only"
-        placement="left"
-      />
+        permission={{
+          resource: ResourceType.CLUSTERCONFIG,
+          action: Action.EDIT,
+        }}
+      >
+        <EditIcon /> Edit
+      </ActionButton>
     </S.ValueWrapper>
   );
 };

frontend/src/components/Topics/Topic/Statistics/PartitionInfoRow.tsx

@@ -74,13 +74,13 @@ const PartitionInfoRow: React.FC<{ row: Row<TopicAnalysisStats> }> = ({
       <div>
         <Heading level={4}>Values sizes</Heading>
         <List>
-          <Label>Total key size</Label>
+          <Label>Total value size</Label>
           <BytesFormatted value={valueSize?.sum} />
-          <Label>Min key size</Label>
+          <Label>Min value size</Label>
           <BytesFormatted value={valueSize?.min} />
-          <Label>Max key size</Label>
+          <Label>Max value size</Label>
           <BytesFormatted value={valueSize?.max} />
-          <Label>Avg key size</Label>
+          <Label>Avg value size</Label>
           <BytesFormatted value={valueSize?.avg} />
           <Label>Percentile 50</Label>
           <BytesFormatted value={valueSize?.prctl50} />

frontend/src/components/common/ActionComponent/ActionButton/ActionCanButton/ActionCanButton.tsx

@@ -21,7 +21,7 @@ const ActionButton: React.FC<Props> = ({
   const isDisabled = !canDoAction;
 
   const { x, y, refs, strategy, open } = useActionTooltip(
-    isDisabled,
+    isDisabled || disabled,
     placement
   );
 

gradle/libs.versions.toml

@@ -1,10 +1,11 @@
 [versions]
 spring-boot = '3.5.3'
+nimbus-jose-jwt = '10.0.2'
 
 aws-msk-auth = '2.3.0'
 azure-identity = '1.15.4'
 
-apache-commons-lang3 = '3.12.0'
+apache-commons-lang3 = '3.18.0'
 apache-commons-io = '2.18.0'
 apache-commons-pool2 = '2.12.1'
 apache-datasketches = '3.1.0'
@@ -37,12 +38,9 @@ checkstyle = '10.24.0'
 allure = '2.29.1'
 selenide = '7.2.3'
 testng = '7.10.0'
-bonigarcia-webdrivermanager = '5.9.3'
+bonigarcia-webdrivermanager = '6.1.1'
 aspectj = '1.9.21'
 
-# CVE fixes
-netty = '4.1.119.Final'
-
 [plugins]
 spring-boot = { id = 'org.springframework.boot', version.ref = 'spring-boot' }
 spring-dependency-management = { id = 'io.spring.dependency-management', version = '1.1.3' }
@@ -60,6 +58,8 @@ spring-starter-actuator = { module = 'org.springframework.boot:spring-boot-start
 spring-starter-test = { module = 'org.springframework.boot:spring-boot-starter-test', version.ref = 'spring-boot' }
 spring-starter-webflux = { module = 'org.springframework.boot:spring-boot-starter-webflux', version.ref = 'spring-boot' }
 spring-starter-security = { module = 'org.springframework.boot:spring-boot-starter-security', version.ref = 'spring-boot' }
+# Temporary overwrite to fix CVE-2025-53864
+nimbus-jose-jwt = { module = 'com.nimbusds:nimbus-jose-jwt', version.ref = 'nimbus-jose-jwt' }
 spring-starter-validation = { module = 'org.springframework.boot:spring-boot-starter-validation', version.ref = 'spring-boot' }
 spring-starter-oauth2-client = { module = 'org.springframework.boot:spring-boot-starter-oauth2-client', version.ref = 'spring-boot' }
 spring-starter-logging = { module = 'org.springframework.boot:spring-boot-starter-logging', version.ref = 'spring-boot' }